Sridhar Thumma

  • Lead SAP Security Consultant
  • New York City, NY
  • Member Since May 11, 2023

Candidates About

 

Sridhar Thumma

Professional Summary

10+ years of solid experience as a SAP Security Administrator in Implementation /Architecture/Development/Production Support of R/3(ECC 6.0/5.0,4.7, 4.6C, 4.5A, 4.0B,3.1H), BW/BI Security, Security/Architect (MM, PP, SD, FI, CO, AM, AR, AP, GL PM, HR/HCM (ESS/MSS), QM, Logistics, SCM/APO, BW/BI7.0, XI, Solution Manager, Enterprise Portals Sarbanes-Oxley Section 404, Remediation of Segregation of Duties (SOD) within SAP Implementation.

·         Involved in Three-Full Life Cycle implementations from design phase to post Implementation phase.

·         Expertise in performing SAP Licensing and appreciated by SAP License Audit USA.

  • Expertise in using SU53, PFCG. SUIM, STMS, SUPC, PFUD, ST01, SP01, SPAD, ST03, DB02, SUGR, SU21, SU20, USSM, SLAW, SMLG, SU24, SU25, ALO8, SM04, SM21, PPOC_OLD, PPOM_OLD, PPOS_OLD, PA30, PA40, OOSB, OOSP, OOPS etc.
  • Experience in Troubleshooting roles using SU53, ST01 and ST03, generating Audit Information Systems (AIS) logs (SM18, SM19, SM20).and maintaining Profile Parameters using RZ10, RZ11, RSPFPAR.
  • Extensively worked on Production support tickets and Requests. Troubleshooting authorization problems, System and User problems, Authorization Object Maintenance in various modules.

·         Experience in creating Authorization Groups for securing Tables & Programs using SE54 and RSCSAUTH.

·         Extensive Knowledge of User Groups, User Administration, Security related tables and reports/programs

·         Implementation and maintenance of Central User Administration (CUA).

  • Expertise in Security Upgrade to ECC6.0  - SU25 and BI7.0
  • Experience in security part of (Enterprise Buyer Professional) EBP 3.0 using BBPUSERMAINT, USERS_GEN and PPOMA_BBP, etc

·         Experience in HR/HCM Security.

  • Experience in implementing security in BW (3.0B, 3.1C, 3.5) and BI 7.0 including info object level security & analysis authorizations
  • Expertise in Analyzing and Processing, Segregation of Duties (SOD) and SOX issues

·         Extensively worked on Sarbanes-Oxley Compliance Projects worked with various tools like BizRight of Approva, VRAT of Virsa, Security Weaver, ERP Maestro & GRC

  • Experience in acting as liaison between HR, IT, SAP project teams, BASIS administrators, Audit and Compliance department to establish and review critical and sensitive authorizations, implemented improvements to meet audit requirements

·         Good Understanding of Net Weaver architecture and new age SAP technologies

·         Collaborate with other team members and business representatives to ensure that security settings meet requirements of the business and align with defined controls and standards

  • Respond to requests and prepare SAP security reports based on management and department needs.
  • Excellent problem solving/communication/Documentation/Training skills, customer-oriented approach to support of production processes, able to communicate with non-technical partners concerning the security or control of the business processes

 

 

Specific SAP Expertise

 

 

SAP ECC SECURITY:

 

  • Profile Generator (PFCG), Role, Profile creation, modifications, User Administration, Central User Administration (CUA), Authorization objects, User reconciliation, CATT Scripts, Transports, Trace, and Client Copies.
  • Involved in Complete SAP R/3 & ECC project lifecycle from Design phase to Post-implementation phase, Upgrade & Support of several ERP implementations involving multiple modules, from system design stage to a “Go Live” stage
  • Successfully implemented Redesign Projects involving all the modules in ECC
  • Involved in Upgrades and provided post go-live SAP Security Support.

 

BW/BI SECURITY:

 

·         BW Administration workbench - BW Info cubes, Info objects, Hierarchy, Variables, Update and transfer rules, Info Areas, Info object catalog.

·         Worked with Developers and support Engineers in defining BW Security requirements

·         Creation and maintenance of activity groups and custom authorization objects

·         Implementing Info object level BW security. Creating BW security Authorizations using RSSM transaction.

  • Set up security by INFOAREA, INFOCUBE, ODS, PSA, INFOOBJECT, QUERY and WORKBOOKS
  • RSECAUTH defined BI 7.0 Authorization(s) - used in auth object S_RS_AUTH.
  • RSUDO used to trace BI auth analysis.
  • RSD1 used create/change InfoObject auth characteristics in BI 7.0
  • Extensively used RSECADMIN and authorization object S_RS_AUTH for developing custom InfoObject security authorizations with "variable" hierarchical security at BW characteristics (data field) levels in BI 7.0.
  • Configured roles and authorization objects to secure reporting users
  • Developed Custom Authorization Objects for queries developed by the users.
  • Limiting the Query access within the BEx Analyzer
  • Implemented InfoObject Security (field-level security) for Reporting Users and also created custom reporting authorization objects
  • Secured the data presented in Queries by Hierarchy node
  • Maintained authorizations for Hierarchies
  • Create Queries and restricting access through Variable filled Authorizations

 

BUSINESS PLANNING & CONSOLIDATION (BPC):

 

  • Created users in SAP BPC system based on Windows Active Directory
  • Created Task Profiles outlining what tasks a user will perform in SAP BPC
  • Responsible for Managing and Developing the SAP BPC system
  • Responsible for the first level of support for BPC users
  • Responsible for executing reports and using input schedules to send data to SAP BPC
  • Created Member Access profiles limiting to the data a user can access in SAP BPC
  • Created Teams, assign tasks and access and then assign users to teams.
  • Assisted Audit departments by providing the appropriate User, Member Access Profile, Task Profile and Team reports

 

HR/HCM SECURITY:

 

  • Create and assign positions, and designate the chief position to the desired employee and Configure sub modules of HR like PD and PA
  • Create a personnel master record and assign it to the organizational plan using PA40 and also info type using PA30.
  • Worked on Infotype 105 to link User Ids to personnel numbers
  • Create Organizational Units by selecting the desired organizational plan
  • Create an Organizational Plan using PPOM_OLD
  • Worked on Position based security & Authorizations through PA20, PO13, PA30.
  • Worked with P_ORGIN, P_PERNR & P_PLOG Objects for different Infotypes, Subtypes
  • Worked with P_ABAP, P_PYEVDOC, P_PYEVRUN objects while building HR & Position based roles working with HR Management to verify the different Org Units
  • Worked on context based security using P_ORGINCON
  • Worked on the HR Payroll Authorizations by using the Authorization Objects: P_PCR, P_tcode & created custom authorizations – customer specific objects for the HR roles.
  • Worked on the HR structural authorizations using tcodes OOAC, OOSP and used the tables T77S0, T77UA, T77PR for user authorizations, assigning the profiles
  • Worked on the Asymmetrical & Symmetrical double verification methodology
  • Integrated Logon names, Personal Numbers (Using Communication Infotype 105) and Positions for all HR Organizational management and HR Personal Administration
  • Ensure values for the main authorization switches (OOPS) in HR are set
  • Create Structural authorization profiles (OOSP), authorization maintenance and describe the details of the profile
  • Assigning structural authorization profiles to user ID’s (or org plan using infotype 1017) using RHPROFL0 to automatically assign appropriate structural authorization profile to each user ID

 

PORTAL EXPERIENCE:

 

·         Creating users & roles in portal system and assigning the portal based roles to users in DEV, QA, PROD portal system (authentication)

·         Worked on locking & unlocking users in different SAP portal Systems.

·         Creating different Sap user groups and assigning users to the user groups.

·         Worked on LDAP system in uploading the users for the different SAP systems.

·         Run LDAPSYNC for the users to the SYNC & Push the users from SAP back end to the SAP portal system. (LDAPSYNC_USER, LDAP, LDAPLOG).

·         Configured (SSO) single sign on in Enterprise Portal. Uploaded digital certificate using STRUSTSS02 and tested for connectivity.

·         Created iViews in SAP Portal from Business Warehouse, R/3, and Web Apps.

·         Experienced in interfacing portal with other systems like R/3, SRM, BW etc.

·         Designed and created role matrices for developers and functional team.

 

CENTRAL USER ADMINISTRATION:

·         Implemented Central User Administration (CUA) within R/3, BW and HR system landscape

·         Performed user administration activities in CUA System landscape

·         Troubleshoot CUA related issues

·         Delinked/Linked child clients from CUA setup during client refreshes using the program RSDELCUA

 

SOLUTION MANAGER:

·         Created roles based on the requirements provided by the Solution Manager team.

·         Tested the roles with the help of Solution Manager Team

 

UPGRADES:

 

Upgrade from 4.6 to ECC 6.0

  • Created CATT scripts using SECATT and created test users for Unit testing in ECC 6.0.
  • Regenerated roles in ECC 6.0 as a part of upgrade and analyzed the new objects and the difference between the previous version and current version objects.
  • Dual maintenance of roles is taken care.
  • Extensively involved in finding and applying SAP Notes using SNOTE for different issues during upgrade

 

BI Upgrade (Migration from BW 3.5 to BI 7.0)

  • Analyzed their complex requirement and developed the security logic for reporting from CRM, HR & FI modules
  • Developed Analysis using RSECADMIN
  • Proposed a new security model to cut down the roles
  • Extensively used “Execute as” option under RSECADMIN while testing the solution
  • Used the “Error Logs” option under RSECADMIN to troubleshoot and trace the errors

 

HR Upgrade from 4.6 to ERP 2005

  • Analyzed differences between the objects in both versions
  • Upgraded roles from 4.7 to ERP 2005
  • Used SUIM to compare roles and made them sync with older version
  • Maintained and modified authorization object using SU24
  • Troubleshoot security related issues using SU53 and ST01
  • Unit testing all the roles in development box
  • Transported roles to quality assurance system and created test users for Integration testing and UAT testing

 

HANA Security

  • Created DBMS users using program RSUSR_DBMS_USERS
  • Assignment of DBMS roles to users via program RSUSR_DBMS_USERS
  • Assignment of Info Provider access to users via program RS2HANA_AUTH_RUN
  • Created users in Hana Studio & assign business roles to users
  • Created and maintained authorization privileges in Hana

 

IBP & SCI Security

  • Maintain Employee: Create user’s employee- Master Data record in IBP
  • Maintain Business users: Cretaed Business User Record in IBP and assigned Business Roles
  • Created SCI records

 

HCI (SAP HANA CLOUD INTEGRATION)

  • Create & Maintain users in HCI
  • Create and maintain the five (5) HCI roles. Restricted the access based on Job activity

1)      Production Operator

2)      Administrator

3)      Integration Developer

4)      Security Administrator

5)      Site Administrator

  • Created & Maintained agents
  • Set Up alerts to trigger an email each time a job is executed in production
  • Configured & Activated Security Logs to monitor the occurences of various security and access-related events

 

SAP Personas

 

  • Configured SAP Screen Personas 3.0
  • Created Personas roles based on the preconfigured Personas security roles (Admin_ Role, Editor_Role & Consumer_Role)
  • Leveraged Configuration Checklist using transaction /PERSONAS/ADMIN to run the health check tool under additional admin tasks to ensure system is healthy without any red status lights
  • Maintained role authorizations by restricting access on P_ADMIN, P_EDIT, P_RUNTIME authorization objects

 

SAP LICENSING:

 

·       Expert in performing SAP Licensing for Various clients categorizing the users for system measurement using USMM and consolidated the measurement results using SLAW and sent the licensing results to SAP, appreciated by SAP License Audit USA for the efforts.

·         Implemented a clear and defined process which would allow the clients to assign Licenses correctly.

·         Ensured Licensing Synchronicity between various production systems, ensuring the cleanup of unused licenses.

·         Reduced the amount of time SAP Measurement takes to prepare SAP Usage reports for corporate.

·         Provided Management SAP License summary reports.

 

SOX, GOVERNANCE RISK & COMPLIANCE

 

·         GRC Technical Lead – Global Implementation of GRC & GRC Certified

·         SAP User Access Management and Auditing for Sarbanes-Oxley Compliance requirements and remediation of security roles for SOD conflicts.

·         Involved in Designing and Running Internal SAP Security SOX controls. Worked with Internal and external auditors to ensure Continuous Compliance

·         Worked with process experts & head of departments for SOD conflicts and assigned appropriate roles to the users

  • Collaborated with functional module experts to obtain the Segregation of Duties matrix and made subsequent changes based on the matrix.
  • Identifying and classifying the reports to address the Delegation of authority (DOA) and Segregation of Duties issues (SoD) and Mitigating Controls.

·         Created the Business Process, Functional Groups, Risk ID’s, Rule ID’s for the Compliance Calibrator according to the Organization Requirement

·         Assigning Mitigation control to the users

  • Configured the organizational chart within the company for approval
  • Worked with audit group to Implement/Define Compensatory controls to identify risks & applied compensatory controls to the composite and single roles.
  • Implemented fire fighter to capture every action of users & used FF to give emergency access to functional team members.

·         Train Compliance and Business Leads how to interpret SoD reports and work with Security on how to resolve SoD conflicts

·         Train Compliance on how to create functions, risks and maintain CC Ruleset

·         Negotiated Business functions with business in order to reduce SoD user conflicts

·         Represented SAP Security during Sarbanes-Oxley audit

·         Remediate Sarbanes-Oxley audit results and develop mitigating controls with business leads

·         Document and enhance SAP Security processes and roles

 

 

 

CapGemini                                                                                                                        Nov 2009 – Present

Lead SAP Security/ Onsite Delivery Lead                                                          

Clients: Brookshire Grocery Company, Epson America, COX newspapers, Oklahoma Publishing Company, Karl Storz, Fresh Start Bakeries, Florida Crystals, Pioneer, GulfMark, GT SOLAR, Nordson Corp, Topco, Ferro Varroc Lighting Systems, Keurig Green Mountain, Naturipe Fresh Farms, Kronos, etc.

 

  • Supporting multiple clients at Capgemini Hosting (Support and Project Implementation)
  • Primary job responsibility include on-boarding new clients, understand client’s business processes, be a Subject Matter Expert, provide knowledge sharing with offshore teams and responsible for overall SAP Security Service Delivery
  • Deliver work within agreed SLAs
  • Primary Escalation point of contact for all clients providing 24/7 support
  • Leading & working with 30 resources from Offshore (India team), making sure the clients requirements are completed on-time, being proactive than reactive
  • Implementing SAP HANA to a Chicago Based client (Topco)

 

 

 

 

 

Smith & Nephew, INC, Memphis, TN                                                      Jan 2008– Nov 2009

Lead SAP Security Consultant                                                                                                                                                                                                                                                      

                                                                                  

                                                                                  

Harley – Davidson, Inc, Milwaukee, WI                                                 Aug 2007 – Dec 2007                         Sr. SAP Security Consultant

 

 

Steel Case, Inc, Grand Rapids, MI                                                              May 2007 – Jul 2007   SAP HCM/BI Security Consultant

 

 

 

 

Education                                                                                                                                                                                                                                                    

·         B.Tech. in Computer Science, Jawaharlal Nehru Technological University.

  • Master of Science in Business Administration, University of Memphis.